Kubescape 4.0 Graduates Runtime Threat Detection to GA and Introduces Security Scanning for AI Agents on Kubernetes

Overview

Kubescape, the open-source Kubernetes security platform maintained by ARMO under the Cloud Native Computing Foundation, released version 4.0 on March 26 at KubeCon + CloudNativeCon Europe 2026 in Amsterdam. The release promotes two long-incubating capabilities — runtime threat detection and Kubescape Storage — to general availability, while introducing a new category of security controls designed to audit AI agent workloads running inside Kubernetes clusters.

Kubescape entered the CNCF as a sandbox project in January 2023 and was accepted as an incubating project in January 2025. The 4.0 release marks the project’s transition from a configuration scanner into a full runtime security platform.

Runtime Threat Detection Reaches General Availability

The headline feature in Kubescape 4.0 is the promotion of its runtime threat detection engine to stable status. The system monitors processes, Linux capabilities, system calls, network and HTTP events, and file system activity across cluster workloads. Detection rules are written in the Common Expression Language (CEL) and operate directly against Application Profiles, which serve as learned behavioral baselines for each workload.

By comparing live activity against these baselines, the engine identifies anomalous behavior without requiring manually authored signatures for every threat pattern. ARMO claims the approach reduces CVE noise by over 95 percent, surfacing only vulnerabilities that are actually reachable at runtime rather than flagging every package present in a container image.

Rules and their bindings are managed as Kubernetes Custom Resource Definitions, and alerts can be exported to AlertManager, SIEM tools, Syslog, stdout, or HTTP webhooks.

Kubescape Storage and Architecture Changes

Alongside runtime detection, Kubescape Storage also graduates to GA. The component uses the Kubernetes Aggregated API to provide a centralized repository for Application Profiles, software bills of materials (SBOMs), and vulnerability manifests, keeping security metadata separate from the cluster’s standard etcd instance.

The release also removes the host-sensor DaemonSet, a component that the community had flagged as intrusive and difficult to audit from a security standpoint. Its capabilities have been folded into a single node-agent per node with direct API integration to the core microservices, eliminating the need for ephemeral high-privilege pods.

First Open-Source Controls for AI Agent Security

Kubescape 4.0 introduces security scanning for KAgent, the CNCF sandbox project for AI orchestration on Kubernetes. The release ships 15 controls based on OPA’s Rego language that cover 42 security-critical configuration points across KAgent’s Custom Resource Definitions.

These controls check for common misconfigurations such as empty security contexts in default deployments, missing NetworkPolicies that would leave agent traffic unfiltered, and over-privileged controller-wide namespace watching that could expose sensitive workloads. The feature also includes a KAgent-native plugin that allows AI assistants to query the cluster’s security posture, inspect vulnerability manifests, review RBAC issues, and analyze container behavior.

This is the first time the project has targeted the security of AI agents themselves, alongside its established scanning capabilities for standard Kubernetes workloads.

Compliance and Benchmark Updates

The release adds support for CIS Benchmark version 1.12 for vanilla Kubernetes and version 1.8 for Amazon EKS and Azure AKS. Kubescape continues to support the NSA-CISA and MITRE ATT&CK frameworks for compliance scanning.

Maintainer Changes

The 4.0 cycle brings Amir Malka on as a new maintainer, while David Wertenteil and Craig Box move to emeritus status. The project continues to be primarily maintained by ARMO and accepts contributions from the broader community.